Page Menu
Home
desp's stash
Search
Configure Global Search
Log In
Files
F229785
ProcessLister.h
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
1 KB
Subscribers
None
ProcessLister.h
View Options
#pragma once
#include
<windows.h>
#include
<tlhelp32.h>
#include
<vector>
#include
<psapi.h>
#include
"NativeWinApi.h"
#include
"DeviceNameResolver.h"
typedef
BOOL
(
WINAPI
*
def_IsWow64Process
)(
HANDLE
hProcess
,
PBOOL
Wow64Process
);
class
Process
{
public
:
DWORD
PID
;
DWORD
sessionId
;
DWORD_PTR
imageBase
;
DWORD_PTR
pebAddress
;
DWORD
entryPoint
;
//RVA without imagebase
DWORD
imageSize
;
WCHAR
filename
[
MAX_PATH
];
WCHAR
fullPath
[
MAX_PATH
];
Process
()
{
PID
=
0
;
}
};
enum
ProcessType
{
PROCESS_UNKNOWN
,
PROCESS_MISSING_RIGHTS
,
PROCESS_32
,
PROCESS_64
};
class
ProcessLister
{
public
:
static
def_IsWow64Process
_IsWow64Process
;
ProcessLister
()
{
deviceNameResolver
=
new
DeviceNameResolver
();
_IsWow64Process
=
(
def_IsWow64Process
)
GetProcAddress
(
GetModuleHandle
(
L
"kernel32.dll"
),
"IsWow64Process"
);
}
~
ProcessLister
()
{
delete
deviceNameResolver
;
}
std
::
vector
<
Process
>&
getProcessList
();
static
bool
isWindows64
();
static
DWORD
setDebugPrivileges
();
std
::
vector
<
Process
>&
getProcessListSnapshotNative
();
static
void
getProcessImageInformation
(
HANDLE
hProcess
,
Process
*
process
);
static
DWORD_PTR
getPebAddressFromProcess
(
HANDLE
hProcess
);
private
:
std
::
vector
<
Process
>
processList
;
DeviceNameResolver
*
deviceNameResolver
;
ProcessType
checkIsProcess64
(
HANDLE
hProcess
);
bool
getAbsoluteFilePath
(
HANDLE
hProcess
,
Process
*
process
);
void
handleProcessInformationAndAddToList
(
PSYSTEM_PROCESS_INFORMATION
pProcess
);
};
File Metadata
Details
Attached
Mime Type
text/x-c++
Expires
Mon, Apr 14, 12:22 PM (7 h, 42 m)
Storage Engine
local-disk
Storage Format
Raw Data
Storage Handle
76/0b/a1803037d2b2535fac05cd75fec9
Attached To
rSCY Scylla
Event Timeline
Log In to Comment